author | salo <salo> | 2004-09-07 22:14:09 +0000 |
---|---|---|
committer | salo <salo> | 2004-09-07 22:14:09 +0000 |
commit | a7eab3aea3b215b98407bb0c2a91a5575da21527 (patch) | |
tree | 5aa40d0538a652dadb25db85efc7556e7f4d446e /audio/mpg123/patches | |
parent | 9a3f7412c2f1222061fbd87dbb27498fce0bac85 (diff) | |
download | pkgsrc-a7eab3aea3b215b98407bb0c2a91a5575da21527.tar.gz |
PKGREVISION++
- fix a buffer overflow:
"A malicious formatted mp3/2 causes mpg123 to fail header checks,
this may allow arbitrary code to be executed with the privilege
of the user trying to play the mp3."
- patch from Debian but retain code style.
Diffstat (limited to 'audio/mpg123/patches')
-rw-r--r-- | audio/mpg123/patches/patch-ar | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/audio/mpg123/patches/patch-ar b/audio/mpg123/patches/patch-ar new file mode 100644 index 00000000000..0e8d87d8d0a --- /dev/null +++ b/audio/mpg123/patches/patch-ar @@ -0,0 +1,19 @@ +$NetBSD: patch-ar,v 1.1 2004/09/07 22:14:09 salo Exp $ + +CVE: CAN-2004-0805 + +--- layer2.c.orig 1999-02-10 13:13:06.000000000 +0100 ++++ layer2.c 2004-09-08 00:00:06.000000000 +0200 +@@ -265,6 +265,12 @@ + fr->jsbound = (fr->mode == MPG_MD_JOINT_STEREO) ? + (fr->mode_ext<<2)+4 : fr->II_sblimit; + ++ if (fr->jsbound > fr->II_sblimit) ++ { ++ fprintf(stderr, "Truncating stereo boundary to sideband limit.\n"); ++ fr->jsbound=fr->II_sblimit; ++ } ++ + if(stereo == 1 || single == 3) + single = 0; + |
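Review bot: the `fprintf(stderr, ...)` inside the new `if (fr->jsbound > fr->II_sblimit)` block is unconditional, so a file with many malformed joint-stereo frames produces one stderr line per frame; print it once, or gate it behind the decoder's existing verbosity handling if it has one. The message text says "sideband limit" while the field compared is `II_sblimit`, so "subband limit" would match the code. The clamp bounds `jsbound` from above at this one site only, and the hunk does not show which accesses indexed by `jsbound` it protects; a short comment in patch-ar naming them would make the fix easier to audit against CAN-2004-0805.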